Sanitise notification HTML

Authored by davidedmundson on Jan 31 2018, 2:28 PM.

Description

Sanitise notification HTML

Summary:
Qt labels support a HTML subset, using a completely internal parser in
QTextDocument.

The Notification spec supports an even smaller subset of notification
elements.

It's important to strip out irrelevant tags that could potentially load
remote information without user interaction, such as img
src or even <b style="background:url...

But we want to maintain the basic rich text formatting of bold and
italics and links.

This parser iteratively reads the XML, copying only permissible tags and
attributes.

A future obvious improvement would be to merge the original regular
expressions into this stream parser, but I'm trying to minimise
breakages to get this into 5.12.

Test Plan:
Moved code into its own class for easy unit testing
Tried a bunch of things, including what the old regexes were doing

Also ran notify-send with a few options to make sure things worked

Reviewers: Plasma, fvogt

Reviewed By: fvogt

Subscribers: aacid, fvogt, plasma-devel

Tags: Plasma

Differential Revision: https://phabricator.kde.org/D10188

Details

Committed
davidedmundson Jan 31 2018, 2:28 PM
Reviewer
fvogt
Differential Revision
D10188: Sanitise notification HTML
Parents
R120:265ab9596548: SVN_SILENT made messages (.desktop file) - always resolve ours
Branches
Unknown
Tags
Unknown
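
The allow-list approach described in the commit message, sketched here in Python with the standard-library `html.parser` (an added example, not the Qt code from this commit). The allow-list contents (`b`, `i`, and `a` with `href`) and all names are assumptions for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allow-list: tag -> attributes that may be copied through.
ALLOWED = {"b": set(), "i": set(), "a": {"href"}}


class NotificationSanitiser(HTMLParser):
    """Re-emit only allow-listed tags and attributes; drop everything else."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []  # allowed tags currently open, for balanced output

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # e.g. <img src=...>: the tag is never copied to the output
        kept = "".join(
            f' {name}="{escape(value or "", quote=True)}"'
            for name, value in attrs
            if name in ALLOWED[tag]  # style=, onclick= and friends are skipped
        )
        self.out.append(f"<{tag}{kept}>")
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        # Only close what was opened, so a stray </b> cannot unbalance output.
        if tag in self.open_tags:
            while self.open_tags:
                closing = self.open_tags.pop()
                self.out.append(f"</{closing}>")
                if closing == tag:
                    break

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is always re-escaped


def sanitise(markup: str) -> str:
    parser = NotificationSanitiser()
    parser.feed(markup)
    parser.close()  # flush any buffered trailing text
    # Close anything the sender left open.
    tail = "".join(f"</{t}>" for t in reversed(parser.open_tags))
    return "".join(parser.out) + tail
```

Because the output is rebuilt from parser events rather than edited in place, a tag or attribute that is not on the list has no path into the rendered label.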